Hi,

I want to stop routing for 1 particular host in my network. I thought that this would do it:

iptables -D INPUT -d aaa.bbb.ccc.ddd -j DROP
iptables -D INPUT -s aaa.bbb.ccc.ddd -j DROP

But that still shows traffic. What is the correct way to do that?

Groeten,

Joost Kraaijeveld
Askesis B.V.
Molukkenstraat 14
6524NB Nijmegen
tel: 024-3888063 / 06-51855277
fax: 024-3608416
e-mail: J.Kraaijeveld@Askesis.nl
web: www.askesis.nl
Joost Kraaijeveld wrote:
> Hi,
>
> I want to stop routing for 1 particular host in my network. I thought that this would do it:
>
> iptables -D INPUT -d aaa.bbb.ccc.ddd -j DROP
> iptables -D INPUT -s aaa.bbb.ccc.ddd -j DROP
>
> But that still shows traffic. What is the correct way to do that?

Hello,

maybe

iptables -I FORWARD -d aaa.bbb.ccc.ddd -j DROP
iptables -I FORWARD -s aaa.bbb.ccc.ddd -j DROP

Martin
On Tue, Apr 04, 2006 at 08:55:37AM +0200, Joost Kraaijeveld wrote:
> Hi,
>
> I want to stop routing for 1 particular host in my network. I thought that this would do it:
>
> iptables -D INPUT -d aaa.bbb.ccc.ddd -j DROP
> iptables -D INPUT -s aaa.bbb.ccc.ddd -j DROP
>
> But that still shows traffic. What is the correct way to do that?

If you'd like to do it in this way -- use FORWARD instead of INPUT. Forwarded traffic never travels INPUT/OUTPUT chains.

The same but better, possibly:

# iptables -I FORWARD 1 -i <input_iface> -s aaa.bbb.ccc.ddd -j DROP
# if host is not being NAT'ed:
iptables -I FORWARD 1 -i <output_iface> -d aaa.bbb.ccc.ddd -j DROP

Start with this, and read the manual :-)
(You shouldn't use `-D' above anyway)

You could use policy routing, too, I guess.

> Groeten,
>
> Joost Kraaijeveld

--
Dmytro O. Redchuk
lartc-bounces@mailman.ds9a.nl wrote:
> Hi,
>
> I want to stop routing for 1 particular host in my network. I
> thought that this would do it:
>
> iptables -D INPUT -d aaa.bbb.ccc.ddd -j DROP
> iptables -D INPUT -s aaa.bbb.ccc.ddd -j DROP

Ooops, silly me. Should be (as others pointed out):

iptables -A INPUT -d aaa.bbb.ccc.ddd -j DROP
iptables -A INPUT -s aaa.bbb.ccc.ddd -j DROP

BTW: I always think very hard, RTFM and search with Google before I ask a stupid question...

Groeten,

Joost Kraaijeveld
lartc-bounces@mailman.ds9a.nl wrote:
> lartc-bounces@mailman.ds9a.nl wrote:
>> Hi,
>>
>> I want to stop routing for 1 particular host in my network. I
>> thought that this would do it:
>>
>> iptables -D INPUT -d aaa.bbb.ccc.ddd -j DROP
>> iptables -D INPUT -s aaa.bbb.ccc.ddd -j DROP
>
> Ooops, silly me. Should be (as others pointed out):
>
> iptables -A INPUT -d aaa.bbb.ccc.ddd -j DROP
> iptables -A INPUT -s aaa.bbb.ccc.ddd -j DROP
>
> BTW: I always think very hard, RTFM and search with Google
> before I ask a stupid question...

And I have to learn to type / copy & paste / pay attention to what I am doing:

iptables -A FORWARD -d aaa.bbb.ccc.ddd -j DROP
iptables -A FORWARD -s aaa.bbb.ccc.ddd -j DROP

Groeten,

Joost Kraaijeveld
On Tue, Apr 04, 2006 at 09:25:21AM +0200, Joost Kraaijeveld wrote:
> lartc-bounces@mailman.ds9a.nl wrote:
> > lartc-bounces@mailman.ds9a.nl wrote:
> >> Hi,
> >>
> >> I want to stop routing for 1 particular host in my network. I
> >> thought that this would do it:
> >>
> >> iptables -D INPUT -d aaa.bbb.ccc.ddd -j DROP
> >> iptables -D INPUT -s aaa.bbb.ccc.ddd -j DROP
> >
> > Ooops, silly me. Should be (as others pointed out):
> >
> > iptables -A INPUT -d aaa.bbb.ccc.ddd -j DROP
> > iptables -A INPUT -s aaa.bbb.ccc.ddd -j DROP
> >
> > BTW: I always think very hard, RTFM and search with Google
> > before I ask a stupid question...
>
> And I have to learn to type / copy & paste / pay attention to what I am doing
>
> iptables -A FORWARD -d aaa.bbb.ccc.ddd -j DROP
> iptables -A FORWARD -s aaa.bbb.ccc.ddd -j DROP

try

iptables -I FORWARD 1 ......

to make this rule the first one.

> Groeten,
>
> Joost Kraaijeveld

--
Dmytro O. Redchuk
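The two points the thread turns on (a routed packet only traverses FORWARD, never INPUT, and `-I FORWARD 1` puts the DROP ahead of any earlier ACCEPT that `-A` would land behind) can be checked with a small Python model of netfilter's chain selection. This is an added example, not code from the thread or from iptables itself; the router addresses, the blocked host, the interface names and the pre-existing catch-all ACCEPT rule are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed addresses: the router's own interface IPs and the LAN host to cut off.
ROUTER_ADDRS = {"192.0.2.1", "198.51.100.1"}
BLOCKED = "198.51.100.23"

@dataclass
class Rule:
    """One filter rule; None means 'any', like an omitted -s / -d / -i."""
    src: Optional[str] = None
    dst: Optional[str] = None
    in_iface: Optional[str] = None
    target: str = "DROP"

    def matches(self, pkt: dict) -> bool:
        return ((self.src is None or pkt["src"] == self.src)
                and (self.dst is None or pkt["dst"] == self.dst)
                and (self.in_iface is None or pkt["in"] == self.in_iface))

@dataclass
class Firewall:
    chains: dict = field(default_factory=lambda: {"INPUT": [], "FORWARD": []})
    policy: str = "ACCEPT"

    def append(self, chain: str, rule: Rule) -> None:        # iptables -A <chain>
        self.chains[chain].append(rule)

    def insert(self, chain: str, rule: Rule, pos: int = 1) -> None:  # iptables -I <chain> <pos>
        self.chains[chain].insert(pos - 1, rule)

    def verdict(self, pkt: dict) -> str:
        # The routing decision picks the chain: a packet addressed to the router
        # itself traverses INPUT; a packet being routed onward only sees FORWARD.
        chain = "INPUT" if pkt["dst"] in ROUTER_ADDRS else "FORWARD"
        for rule in self.chains[chain]:
            if rule.matches(pkt):
                return rule.target
        return self.policy

# Constructed packets: one routed through the box, one addressed to the box.
FORWARDED = {"src": BLOCKED, "dst": "203.0.113.7", "in": "eth1"}
TO_ROUTER = {"src": BLOCKED, "dst": "198.51.100.1", "in": "eth1"}

def verdicts_with_input_rules() -> tuple:
    """The original approach (with -A instead of -D): DROP rules in INPUT."""
    fw = Firewall()
    fw.append("INPUT", Rule(src=BLOCKED))
    fw.append("INPUT", Rule(dst=BLOCKED))
    return fw.verdict(FORWARDED), fw.verdict(TO_ROUTER)   # ("ACCEPT", "DROP")

def forward_verdict(use_insert: bool) -> str:
    """FORWARD rule with -i, appended (-A) or inserted first (-I FORWARD 1)
    behind a pre-existing catch-all ACCEPT, as many real rulesets have."""
    fw = Firewall()
    fw.append("FORWARD", Rule(target="ACCEPT"))
    drop = Rule(src=BLOCKED, in_iface="eth1")
    if use_insert:
        fw.insert("FORWARD", drop, 1)
    else:
        fw.append("FORWARD", drop)
    return fw.verdict(FORWARDED)   # "DROP" when inserted first, else "ACCEPT"
```

The first function shows the INPUT rules catching only traffic aimed at the router itself while the forwarded packet passes; the second shows the appended FORWARD rule being shadowed by the earlier ACCEPT until it is inserted at position 1.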